Package management

The Package stage of the DevOps pipeline focuses on creating a consistent and dependable supply chain and distribution layer to integrate with any development environment. Drive DevOps acceleration by ensuring software flows freely, quickly, and without interruption through your pipelines with an integrated universal package management solution.

Note that this stage is also involved in delivering improvements for our mobile development and delivery and CI/CD use cases. If you have an interest in these topics, please also take a look there.

Feel free to reach out to PM Jason Lenny (E-Mail) if you'd like to provide feedback or ask questions about what's coming.

Private, Secure, Reliable, and Compliant Supply Chains

Teams can develop concurrently with GitLab by taking advantage of our single application, which supports integrated package management. Our initial focus is on making supply chains privately accessible. This will make sharing packages within your organization/team easier and more manageable.

By continuously identifying compliance and security evidence in planned and in production releases, GitLab reduces open source risk. Developers can safely rely on a wide array of external dependencies through scanning and auditing. Making this information concurrent and transparent ensures confidence in what you are building and releasing for everyone involved.

Universal Package Type Management & DevOps acceleration

GitLab's strength comes from being a single application, and this will ensure a single interface with unified authentication for managing dependencies, registries, and package repositories. As of today, we support Java Maven Packages, Docker images, and NPM. We are building a universal package management solution, supporting a wide array of package repositories. This flexibility and accessibility will allow GitLab users to increase throughput consistently.

Categories

There are a few product categories that are critical for success here; each one is intended to represent what you might find as an entire product out in the market. We want our single application to solve the important problems solved by other tools in this space - if you see an opportunity where we can deliver a specific solution that would be enough for you to switch over to GitLab, please reach out to the PM for this stage and let us know.

Each of these categories has a designated level of maturity; you can read more about our category maturity model to help you decide which categories you want to start using and when.

Container Registry

A secure and private registry for Docker images built in to GitLab. Creating, pushing, and retrieving images works out of the box with GitLab CI/CD. This category is at the "viable" level of maturity.

NPM Registry

JavaScript developers need a secure, standardized way to share and version control NPM packages across projects. An NPM registry offers developers of lower-level services a way to publish their code that's built right into GitLab. This category is at the "minimal" level of maturity.

Rubygem Registry

A Rubygem registry offers Ruby developers an easy-to-use, built-in solution to share and version control Ruby gems in a standardized and controlled way. Internally provisioning sets teams up for improved features around privacy and pipeline build speeds. This category is planned, but not yet available.

Linux Package Registry

Linux distros depend on Linux package registries for distribution of installable software. By supporting Debian and RPM we will cater to a large segment of our users and allow systems administration tasks to be brought in-house. This category is planned, but not yet available.

Helm Chart Registry

Kubernetes cluster integrations can take advantage of Helm charts to standardize their distribution and install processes. Supporting a built-in Helm chart registry allows for better, self-managed container orchestration. This category is planned, but not yet available.

Dependency Proxy

The GitLab dependency proxy can serve as an intermediary between your local developers and automation and the world of packages that need to be fetched from remote repositories. By adding a security and validation layer to a caching proxy, you can ensure reliability, accuracy, and auditability for the packages you depend on. This category is planned, but not yet available.

What's Next

It's important to call out that the plan below can change at any moment and should not be taken as a hard commitment, though we do try to keep things generally stable. In general, we follow the same prioritization guidelines as the product team at large. Issues will tend to flow from having no milestone, to being added to the backlog, to being added to this page and/or a specific milestone for delivery.

12.2 (2019-08-22)

FY20 Q3

FY20 Q4

Other Interesting Items

There are a number of other issues that we've identified as being interesting that we are potentially thinking about, but do not currently have planned by setting a milestone for delivery. Some are good ideas we want to do, but don't yet know when; some we may never get around to, some may be replaced by another idea, and some are just waiting for that right spark of inspiration to turn them into something special.

Remember that at GitLab, everyone can contribute! This is one of our fundamental values and something we truly believe in, so if you have feedback on any of these items you're more than welcome to jump into the discussion. Our vision and product are truly something we build together!